In case you are not following, I’ll reiterate: This is old code so don't give me grief. How old is the code?? I’m not sure exactly, but I was in Jr. High at the time. So again, no jabbing at me for "crap code"! Good?

Ok, the main() function has been fudged to show the purpose and functionality of the vulnerable procedure: "ParseRequest(...)"

The idea was to search for different parameters that were being passed over from an anonymous TCP/IP connection and then parse off the parameter text which would always be terminated by a line feed character (or optional carriage return character).

Can you spot the vulnerabilities? This code makes many assumptions about the "perfectly trustworthy" and "completely bug free" remote peer. This is a prime example of bad code.

We have potential under-flows, overflows, and injection possibilities, potential out-of-bounds memory reading and writing, etc, etc... or to put it in layman's terms: this application would only have been "safe" if it were run on a machine with no networking capabilities period!